Single audit tool

ABSTRACT

Systems and techniques are disclosed for planning and performing an audit. The systems and techniques determine whether a Single Audit or a program-specific audit is to be performed for an entity, and automatically select one or more compliance procedures that are to be used during the auditing process.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 12/949,176, filed on Nov. 18, 2010, which claims priority to U.S. Provisional Application 61/387,166 filed on Sep. 28, 2010, the contents of which are incorporated herein in their entirety.

COPYRIGHT NOTIFICATION

Portions of this patent application include materials that are subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document itself, or of the patent application as it appears in the files of the United States Patent and Trademark Office, but otherwise reserves all copyright rights whatsoever in such included copyrighted materials. The following notice applies to this document: Copyright © 2015 Thomson Reuters.

TECHNICAL FIELD

The present invention relates to the provision of and tools to assist in the provision of professional services, and more particularly, to computer-implemented tools, resources, and processes for planning and executing a Single Audit.

BACKGROUND

A Single Audit is an organization-wide examination of an entity that receives funds (typically federal funds) over a period of time. The Single Audit provides assurance to a granting institution that funds awarded to entities, such as states, cities, universities, and non-profit organizations, are being managed and used according to applicable laws, regulations, contracts, and grant agreements.

Typically, the Single Audit is performed by an independent certified public accountant (CPA) and includes two main parts: an audit of the financial statements and a compliance audit of the entity's funding programs. The compliance audit of the funding programs includes (a) gaining an understanding of and testing internal controls over compliance and (b) testing compliance with applicable compliance requirements for major programs, and includes a planning stage and an examining stage. The compliance audit of award programs is integrated with the audit of the entity's financial statements.

A planning stage of the compliance audit of funding programs requires an auditor to familiarize himself/herself with the management and operation of the entity. Typically, the auditor identifies any funding awards received by the entity and determines whether there is a high or low risk that the entity does not comply with laws and regulations. As various funds are provided each year to different entities, each with their own style of management and operation, and as each awarded fund can include different laws and regulations relating to fund use by the entity, the structure of Single Audits tends to differ from one entity to another entity.

Accordingly, improved systems and techniques are needed to plan and perform audits that are based on qualities and characteristics of an entity in addition to rules and procedures associated with granted funds.

SUMMARY

Systems and techniques are disclosed for planning and performing a compliance audit of funding programs. The systems and techniques determine whether a Single Audit or a program-specific audit is to be performed for an entity, and automatically select or enable selection of one or more compliance procedures that are to be used during the auditing process.

For example, according to one aspect, a computer-implemented method for planning an audit includes determining whether a Single Audit or a program-specific audit is to be performed for an entity based at least in part on a received financial award associated with a funding program and entity-specific information. The method includes determining whether the funding program is to be evaluated as a major program by assessing risk and coverage information associated with the financial award, and selecting automatically or enabling selection of at least one compliance procedure to be used during the Single Audit or the program-specific audit. The method also includes providing the at least one compliance procedure to conduct the Single Audit or the program-specific audit.

In one embodiment, the method further includes conducting the Single Audit or the program-specific audit. The entity-specific information can include information describing the type of entity. For example, in one embodiment, the type of entity is one of a “Local Government”, “Local Education Agency”, “Indian Tribal Government”, “State Government”, “State Education Agency”, “Nonprofit Organization”, or combination thereof.

In another embodiment, the method includes aggregating a plurality of funding programs into a grouping based on a similarity characteristic associated with each of the plurality of funding programs, and selecting automatically or enabling selection of at least one compliance procedure based at least in part on the grouping.

In yet another embodiment, the method includes customizing the at least one compliance procedure. Customizing the compliance procedure can include adding, deleting, and/or modifying a procedure automatically selected by the system or user.

In a further embodiment, a method for planning an audit for an entity is disclosed. The method is carried out under the control of one or more computer systems configured with executable instructions. The method includes determining, using an engagement module of a web server, an audit risk level for the entity and determining, using a program module of the web server, whether a Single Audit of the entity is to be performed based at least in part on a financial award received by the entity exceeding a first threshold value and on first information, wherein the financial award is associated with at least one funding program and the first information includes information specific to the entity and to the at least one funding program, wherein said information specific to the entity is determined from one or more user responses to a first set of questions provided through a graphical user interface. If the financial award received by the entity does not exceed the first threshold level, the method includes determining, using the program module of the web server, whether a program-specific audit is to be performed for the entity based at least on second information related to the at least one funding program. The method also includes determining, using the program module of the web server, whether the at least one funding program is to be evaluated as a major program at least in part by assessing risk and coverage information associated with the financial award and the entity, said determining of the at least one funding program as a major program further comprising automatically determining whether the at least one funding program can be clustered into a grouping of funding programs and processed as a single funding program based at least in part on whether a set of common compliance requirements can be applied to the at least one funding program, wherein said risk and coverage information is determined from one or more user responses to a second set of questions provided through a graphical user interface. The method further includes automatically determining, using a compliance module of the web server, at least one compliance procedure from a plurality of compliance procedures for use during the Single Audit or the program-specific audit, said determining of the at least one compliance procedure for use based on at least the determined audit risk level and the determined funding program evaluation, and providing the at least one compliance procedure to conduct the Single Audit or the program-specific audit.

A system, as well as articles that include a machine-readable medium storing machine-readable instructions for implementing the various techniques, are disclosed. Details of various implementations are discussed in greater detail below.

Additional features and advantages will be readily apparent from the following detailed description, the accompanying drawings and the claims.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic of an exemplary computer-based Single Audit system;

FIG. 2 is an exemplary method of planning and conducting a Single Audit;

FIGS. 3-6 illustrate an exemplary graphical user interface for establishing a Single Audit for an entity;

FIGS. 7-15 illustrate an exemplary graphical user interface for determining whether a Single Audit is required for an entity;

FIGS. 16-21 illustrate an exemplary graphical user interface for assessing risk and coverage information associated with a funding program;

FIGS. 22-23 illustrate an exemplary graphical user interface for displaying a compliance program; and

FIG. 24 illustrates an exemplary graphical user interface for displaying a diagnostic report associated with a Single Audit.

FIG. 25 illustrates an exemplary graphical user interface for assessing Type B programs.

Like reference symbols in the various drawings indicate like elements.

DETAILED DESCRIPTION

FIG. 1 shows an exemplary computer-based system 10 for planning and performing a Single Audit. A ‘Single Audit’ refers to an organization-wide examination of an entity, such as a local government, local education agency, Indian tribal government, state government, state education agency, or non-profit organization, to ensure that funds received by the entity are expended, managed and controlled according to specific rules and regulations. For example, in one embodiment, the system 10 is configured to provide assurances to the U.S. Federal Government that funds expended by an entity are managed and used in accordance with the Single Audit Act of 1997, and regulations described in the Office of Management and Budget's (OMB) Circular A-133, Audits of State and Local Governments and Non-Profit Organizations.

As shown in FIG. 1, in one embodiment, the system 10 is configured to include an access device 12 that is in communication with a server 14 over a network 16. The access device 12 can include a personal computer, laptop computer, or other type of electronic device, such as a cellular phone or Personal Digital Assistant (PDA). The access device 12 is coupled to I/O devices (not shown) and includes a keyboard in combination with a pointing device such as a mouse for sending web page requests to the server 14. Preferably, memory of the access device 12 is configured to include a browser 12A that is used to request and receive information from the server 14. Although only one access device 12 is shown in FIG. 1, the system 10 can support multiple access devices.

The network 16 can include various devices such as routers, servers, and switching elements connected in an Intranet, Extranet or Internet configuration. In some implementations, the network 16 uses wired communications to transfer information between the access device 12 and the server 14. In another embodiment, the network 16 employs wireless communication protocols. In yet other embodiments, the network 16 employs a combination of wired and wireless technologies.

As shown in FIG. 1, in one embodiment, the server device 14 includes a processor 18, such as a central processing unit (‘CPU’), random access memory (‘RAM’) 20, input-output devices 22, such as a display device (not shown) and keyboard (not shown), and non-volatile memory 24, all of which are interconnected via a common bus 26 and controlled by the processor 18. As shown in the FIG. 1 example, the non-volatile memory 24 is configured to include a web server 28 for processing requests from the access device 12.

The web server 28 is configured to send requested web pages to the browser 12A of the access device 12. The web server 28 communicates with the web browser 12A using one or more communication protocols, such as HTTP (Hypertext Transfer Protocol). In one embodiment, the web server 28 is configured to include the Java 2 Platform, Enterprise Edition (‘J2EE’) for providing a plurality of displays on the browser 12A.

The web server 28 provides a run-time environment that includes software modules that guide a user (e.g., an auditor) through a planning and examining stage of the Single Audit. The software modules determine whether a Single Audit is required for an entity and whether one or more programs associated with received funds of the entity are to be considered a “major program,” which would require specific testing during the Single Audit. As used herein, the phrase “major program” refers to a federal award program that receives more focused audit procedures during the Single Audit based on completion of a risk assessment process. Further, one or more software modules are configured to automatically select or enable selection of compliance procedures that are to be used during performance of the Single Audit, and to generate compliance checklists and worksheets for groups or clusters of funding programs to enable more efficient auditing.

For example, in one embodiment, as shown in FIG. 1, the run-time environment includes the following software modules: an engagement module 30 to establish an audit engagement, a program module 32 to determine whether a Single Audit or program-specific audit is to be performed and to assess risk and coverage information associated with a funding program, a compliance module 34 to automatically select or enable selection of compliance procedures to be used during the audit, and a diagnostic module 36 to detect errors and/or inconsistencies during planning of the audit. Details of the software modules 30, 32, 34, 36 configured in the run-time environment are discussed in further detail below.

A data store 40 is provided that is utilized by software modules 30, 32, 34, 36 to access and store information relating to the Single Audit. In one embodiment, the data store 40 is a relational database. In another embodiment, the data store 40 is a directory server, such as a Lightweight Directory Access Protocol (‘LDAP’) server. In yet other embodiments, the data store 40 is a configured area in the non-volatile memory 24 of the device server 14. Although the data store 40 shown in FIG. 1 is connected to the network 16, it will be appreciated by one skilled in the art that the data store 40 can be distributed across various servers and be accessible to the server 14 over the network 16, or alternatively, coupled directly to the server 14, or be configured in an area of non-volatile memory 24 of the server 14, or be functionally provided by other physical arrangements.

It should be noted that the system 10 shown in FIG. 1 is only one embodiment of the disclosure. Other system embodiments of the disclosure may include additional structures that are not shown, such as secondary storage and additional computational devices. In addition, various other embodiments of the disclosure include fewer structures than those shown in FIG. 1. For example, in one embodiment, the disclosure is implemented on a single computing device in a non-networked standalone configuration. Data input is communicated to the computing device via an input device, such as a keyboard and/or mouse. Data output of the system is communicated from the computing device to a display device, such as a computer monitor.

Turning now to FIG. 2, an exemplary method of planning an audit according to one embodiment of the invention is disclosed. As shown in the FIG. 2 example, first, the engagement module 30 determines whether an entity is to be considered a low risk or a high risk entity 42. The engagement module 30 determines a risk level for an entity by evaluating user responses to a set of provided questions with a set of predefined rules and regulations associated with funding programs. An example set of questions provided by the engagement module 30 is shown in connection with FIGS. 4-6.

Next, the program module 32 determines which of any funding programs associated with received funds are to be audited 44. In one embodiment, this step includes identifying any federal assistance expended by the entity during one year by federal program name, federal agency and Catalog of Federal Domestic Assistance (CFDA) number. The program module 32 then combines these expenditures to determine the total amount expended during the year. For example, in one embodiment, the program module 32 determines that a Single Audit is required for an entity if total federal expenditures during a year equal or exceed five hundred thousand dollars ($500,000). If the entity does not meet this threshold, the program module 32 determines that a Single Audit is not required. In one embodiment, if the program module 32 determines that a Single Audit is not required, the user may elect to perform a program-specific audit, which is generally allowed when an entity expends Federal awards under only one federal program and the federal program's laws, regulations, or grant agreements do not require a financial statement audit, without auditing the entire entity.

As shown in FIG. 2, once the program module 32 determines which funding programs are to be audited, the program module 32 then categorizes identified funding programs into either ‘Type A’ programs or ‘Type B’ programs 46. In one embodiment, a ‘Type A’ program is determined by the program module 32 to be any funding program which an entity expends either: (1) $300,000 or more of federal assistance for recipients with $10 million or less of expended federal assistance during the audit period, or (2) 3% of the total federal assistance expended during the year for those who exceed $10 million, whichever is greater. In one embodiment, for example, a ‘Type A’ program is a large federal award program as determined by an amount of annual expenditures that exceed a minimum of $300,000 or a maximum of 0.15% of expenditures according to a graduated scale based on total expenditures. In certain instances, ‘Type A’ programs are assessed as being low risk or not low risk.

A ‘Type B’ program is determined by the program module 32 to be any single program which does not meet the Type A requirements. In particular, in one embodiment, a ‘Type B’ program is a small federal award program as determined by an amount of annual expenditures that do not exceed a minimum of $300,000 or a maximum of 0.15% of expenditures according to a graduated scale based on total expenditures. In certain instances, Type B programs are assessed as being high risk or not high risk. Details of determining and categorizing funding programs are discussed in connection with FIGS. 7-15.

Once funding programs are categorized, the program module 32 then assesses risk and coverage information associated with funds received and expended by the entity 48. In one embodiment, the program module 32 is based on OMB Circular A-133 which requires the user to study and understand the operations and internal controls of programs within the entity, and perform and document a risk assessment based on such study to determine whether each program has either a high or low risk of not complying with laws and regulations. OMB Circular A-133 used by the system 10 allows the user to consider numerous factors including current and prior audit experience, good or poor internal controls over federal programs, many or no prior audit findings, continuous or lack of oversight exercised by the federal government over the recipient, evidence or knowledge of fraud, as well as inherent risk of the federal program.

In one embodiment, for any Type A program considered to have a risk of not complying that is not low, the program module 32 requires the user to perform a compliance audit on that program. For a Type A program that is considered to be of low risk, the program module 32 does not require the user to perform a compliance audit, but rather allows the user to indicate whether an audit is to be performed on the funding program to meet other requirements such as the percentage of coverage requirement. In one embodiment, the program module 32 enforces at least two requirements for a funding program to be considered low risk. First, the funding program needs to have been audited at least once in the last two years, and second, the funding program needs to have no audit findings when it was last audited. If the funding program does not comply with either of these two requirements, the program module 32 automatically considers the program not low risk.

For Type B programs which have been identified as high-risk, the program module 32 provides the user with two options: either audit half of all high-risk Type B programs, or audit one Type B high-risk program for every low-risk Type A program. Type B programs which do not have a high risk of not complying are not required to be audited. Details of assessing risk and coverage associated with funding programs are discussed in connection with FIGS. 16-21.
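The planning rules of steps 44 to 48 described above can be expressed as code. The following Python example is an added illustration, not code from the patent or from the described system; the `Program` record, function names, and sample programs are hypothetical, and it assumes the first Type A definition given above (a $300,000 floor, or 3% of total expenditures above $10 million), rounding up when half of the high-risk Type B programs is not a whole number, and treating a Type A program that meets both low-risk requirements as low risk.

```python
from dataclasses import dataclass

SINGLE_AUDIT_THRESHOLD = 500_000   # total federal expenditures per year (from the text)
TYPE_A_FLOOR = 300_000             # Type A floor (from the text)
TEN_MILLION = 10_000_000


@dataclass
class Program:
    """Hypothetical record for one funding program (constructed for this example)."""
    name: str
    expended: int                          # federal dollars expended during the year
    audited_in_last_two_years: bool = False
    findings_at_last_audit: bool = False
    high_risk: bool = False                # auditor's assessment, used for Type B only


def single_audit_required(programs):
    """Step 44: a Single Audit is required when total expenditures reach $500,000."""
    return sum(p.expended for p in programs) >= SINGLE_AUDIT_THRESHOLD


def type_a_threshold(total):
    """Step 46: $300,000 up to $10 million of total expenditures, else 3% of the total."""
    if total <= TEN_MILLION:
        return TYPE_A_FLOOR
    return max(TYPE_A_FLOOR, total * 3 // 100)


def classify(program, total):
    """Return 'A' or 'B' for one program given the entity's total expenditures."""
    return "A" if program.expended >= type_a_threshold(total) else "B"


def type_a_is_low_risk(program):
    """Step 48: failing either requirement makes the program not low risk.
    Assumption: meeting both is treated here as low risk."""
    return program.audited_in_last_two_years and not program.findings_at_last_audit


def type_b_audit_count(high_risk_b, low_risk_a, option):
    """Number of high-risk Type B programs to audit under the two options in the text."""
    if option == "half":
        return (high_risk_b + 1) // 2      # assumption: round up
    if option == "one_per_low_risk_a":
        return min(low_risk_a, high_risk_b)
    raise ValueError(f"unknown option: {option}")


def plan(programs, type_b_option="half"):
    """Combine steps 44-48 into one planning result."""
    total = sum(p.expended for p in programs)
    if not single_audit_required(programs):
        # The user may still elect a program-specific audit; not modeled here.
        return {"single_audit": False, "total": total,
                "must_audit": [], "type_b_to_audit": 0}
    type_a = [p for p in programs if classify(p, total) == "A"]
    type_b = [p for p in programs if classify(p, total) == "B"]
    low_risk_a = [p for p in type_a if type_a_is_low_risk(p)]
    must_audit = [p.name for p in type_a if not type_a_is_low_risk(p)]
    high_risk_b = [p for p in type_b if p.high_risk]
    return {"single_audit": True, "total": total, "must_audit": must_audit,
            "type_b_to_audit": type_b_audit_count(
                len(high_risk_b), len(low_risk_a), type_b_option)}


# Constructed sample entity: two Type A programs and three high-risk Type B programs.
SAMPLE = [
    Program("P1", 400_000, audited_in_last_two_years=True),
    Program("P2", 350_000),                # never audited, so not low risk
    Program("P3", 120_000, high_risk=True),
    Program("P4", 90_000, high_risk=True),
    Program("P5", 40_000, high_risk=True),
]

if __name__ == "__main__":
    print(plan(SAMPLE, "half"))
    print(plan(SAMPLE, "one_per_low_risk_a"))
```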

Referring to FIG. 2, once risk and coverage information associated with funding programs is determined, the compliance module 34 automatically selects (if the award is specifically included in the Compliance Supplement) or automatically enables selection (if the award is not specifically in the Compliance Supplement) of one or more compliance procedures to be used during the Single Audit or program-specific audit 50 and provides the same to the user in response to a request 52. Exemplary compliance procedures generated by the compliance module 34 are shown in connection with FIGS. 22-23. FIG. 24 illustrates additional information provided by functionality of the diagnostic module 36.

Turning now to FIG. 3, an example engagement setup screen 60 provided by the engagement module 30 is shown. The engagement setup screen 60 includes a database-selection area 62 to select a data store for storing audit information, and an entity-details area 64. The entity-details area 64 allows the user to specify an entity-name 72, entity-type information 74, and whether the entity qualifies as an institution of higher education 76. Entity-type information can include, but is not limited to, a ‘Local Government’, ‘Local Education Agency’, ‘Indian Tribal Government’, ‘State Government’, ‘State Education Agency’, ‘Nonprofit Organization’, or combinations thereof. In one embodiment, as shown in FIG. 3, the engagement setup screen 60 includes an engagement-name area 66 for identifying a name for the audit, an audit-date field 68 for entering a fiscal year-end for the period under audit, and a compliance-supplement section 70 for selecting a Compliance Supplement to be used during a Single Audit.

The Compliance Supplement includes information regarding laws and regulations (e.g., compliance requirements) for selected funding programs provided by the U.S. Federal Government. OMB Circular A-133 specifies a set of requirements that an entity must meet to be considered a low-risk entity which have been coded into the system. These requirements can include determining whether a Single Audit has been performed for the entity on an annual basis in prior years, determining whether there are any unqualified auditor opinions on financial statements and/or Schedule of Federal Expenditures, whether there are significant deficiencies or material weaknesses identified in prior audits, as well as whether federal programs previously audited had audit findings (e.g., one or more deficiencies identified during an audit) in the last two years.

As shown in the FIG. 3 example, in one embodiment, a user-selectable hyperlink 78A is provided that allows the user to select a Compliance Supplement to use during the audit. Upon the user selecting the hyperlink 78A, the engagement module 30 displays a user selectable list of Compliance Supplements (not shown) that can be used during the examining stage of a Single Audit.

Advantageously, the engagement module 30 is configured to recommend which one of a plurality of user-selectable Compliance Supplements should be selected for the audit. In one embodiment, the selection is based on the beginning of the fiscal year corresponding to the fiscal year and date entered by the user. In various embodiments, however, the engagement module 30 allows the user to override this selection and select a different Compliance Supplement, if desired.

Upon the user selecting the finish button 78A, the engagement module 30 creates the engagement and stores the same in the data store specified in the database selection area 62. User selection of the cancel button 78B terminates execution of the engagement setup screen 60.

Turning now to FIG. 4, in one embodiment, the engagement module 30 provides the user with a set of questions, the responses to which determine whether the entity is a low risk entity or not a low risk entity. As shown in the FIG. 4 example, the user is presented with a question as to whether the user has the option to waive use of risk criteria for determining major programs. If the user responds ‘Yes’, the engagement module 30 displays the first bulleted question 80 shown in FIG. 4. Succeeding questions are then displayed only if relevant. That is, if the response to the first bulleted question 80 is ‘No’, the engagement module 30 displays the second bulleted question 82 shown in FIG. 4. Otherwise, if the response to the first bulleted question 80 is ‘Yes’, the second bulleted question 82 is not displayed and the engagement module 30 displays the third bulleted question 84. Based on a response to the above-questions 80, 82, 84, the engagement module 32 determines whether the entity is eligible to waive use of the risk criteria for major program determination and, based on the determination, queries the user as to whether the user wishes to waive use of the risk criteria. Upon selection of the next button 86, the engagement module 32 provides an additional set of questions to the user, as shown in FIGS. 5 and 6.

Turning now to FIGS. 5 and 6, in one embodiment, the engagement module 30 is configured to prompt the user with a set of questions 88 associated with different time intervals, the responses to which are used by the engagement module 30 to determine whether the entity is to be considered a low risk entity or not a low risk entity. As shown in the FIGS. 5 and 6 examples, in one embodiment, the questions presented by the engagement module 30 include, but are not limited to, whether a Single Audit was performed in accordance with provisions of the OMB Circular A-133, whether the auditor's opinion on the financial statements and the schedule of expenditures of federal awards were unqualified, etc. User responses to the set of questions 88 are stored by the engagement module 30 in the data store 40 upon selection of the finish button 90.

Referring now to FIG. 7, a financial awards summary screen 92 provided by the program module 32 is shown. The financial awards summary screen 92 displays information regarding financial awards received and expended by an entity. As shown in FIG. 7, in one embodiment, the financial awards summary screen 92 includes an add program button 94 that allows the user to specify information regarding a funding program.

FIG. 8 illustrates an exemplary add program screen 96 provided by the program module 32 to enter information regarding a funding program. As shown in the FIG. 8 example, in one embodiment, the user can either enter a CFDA (Catalog of Federal Domestic Assistance) identifier or other number associated with the funding program 96A, or select a drop-down menu option 96B of CFDA identifiers from a pre-populated list. An example of a pre-populated list of CFDA identifiers 98 is shown in FIG. 9.

Turning now to FIGS. 10 and 11, if a CFDA identifier from the pre-populated list is selected, agency/department name 100 and program name 102 data entry fields are automatically populated by the program module 32. Other data entry fields include, but are not limited to, name of grant 104, award amount 106 and total awards expended 108. In one embodiment, the add program screen 96 includes checkboxes 110, 112 to indicate whether the entity is a subrecipient (e.g., a non-Federal entity that expends Federal awards received from a pass-through entity to carry out a Federal program), or a pass-through entity (e.g., a non-Federal entity that provides a Federal award to a subrecipient to carry out a Federal program) for the added program. If the entity is not a subrecipient, grantor name 114 and program ID 116 data entry fields are disabled by the program module 32. Upon the user selecting the ‘OK’ button 118, information entered by the user is stored in the data store 40 and displayed in the financial awards summary screen 92 by the program module 32. FIG. 12 illustrates an example financial awards summary screen for the ‘Conservation Reserve Program’ funding program.

Turning now to FIG. 13, a financial awards summary screen having a plurality of funding programs identified is shown. As shown in the FIG. 13 example, the program module 32 maintains user entered program information concerning various funding programs. In one embodiment, as shown in FIG. 13, the program module 32 clusters funding programs together. A cluster of programs is a grouping of closely related programs sharing common compliance requirements. There are three types of clusters of programs: research and development, student financial aid, and other clusters, as defined in the OMB Circular A-133 Compliance Supplement or as designated by a state. In the system, a cluster of programs is processed as a single program when determining and testing major programs.

For example, in the example shown in FIG. 13, the program module 32 automatically clustered the ‘Rural Rental Housing Loans’ 120 and ‘Rural Rental Assistance Payments’ 122 programs together. Advantageously, by automatically clustering programs together, one set of compliance requirements can be applied by the program module 32 to the cluster without requiring the user to determine which funding programs are closely related.

FIG. 14 illustrates an example conclusion screen 124 provided by the program module 32 to the user based on a determination that a Single Audit is to be performed. In one embodiment, rules relating to whether a Single Audit or program-specific audit is to be performed are defined in the before mentioned OMB Circular A-133 and are coded in the program module 32. If the program module 32 determines that a Single Audit is to be performed for the entity, the program module 32 displays a message indicating the same to the user. For example, as shown in FIG. 14, in one embodiment, if federal awards expended equal or exceed five hundred thousand dollars ($500,000), the program module 32 determines that an audit in accordance with OMB Circular A-133 (e.g., Single Audit) is required for the entity.

FIG. 15 illustrates an example conclusion screen 126 provided by the program module 32 to indicate that a program-specific audit is a possibility. As described previously, a program-specific audit is an audit of a single funding program, without auditing the entire entity. For example, as shown in FIG. 15, in one embodiment, the conclusion screen 126 presented to the user by the program module 132 includes a set of questions as to whether a program-specific audit is to be performed. In one embodiment, the questions are based on whether federal program laws, regulations, contracts or grant agreements require a financial statement audit, whether the federal agency or a pass-through entity approved in advance a program-specific audit, and whether the entity elected to have a program-specific audit. Based on responses to these additional questions, the program module 32 determines whether a program-specific audit is to be performed and, as shown in FIG. 15, indicates the same 128 on the conclusion screen 126.

Turning now to FIG. 16, in one embodiment, if the user elects to use risk criteria during the engagement process, the program module 32 provides an assess risk screen 130 to the user. As shown in the FIG. 16 example, the program module 32 automatically classifies identified programs as either Type A programs 132 or Type B programs 134. In one embodiment, for each Type A program identified, the program module 32 provides an associated assess button 136. Upon a user selecting the assess button 136 associated with a Type A program, the program module 32 retrieves and displays a set of questions relating to the particular Type A program to the user (see FIG. 17). Upon entering one or more responses to the set of questions, the program module 32 determines whether the funding program is to be considered low or not low risk.

For example, referring to FIG. 17, in one embodiment, upon selection of the assess button 136, the program module 32 displays a Type A Dialog Box 138 to the user that includes questions that are displayed one at a time. When a conclusion can be determined by the program module 32 as to whether the funding program should be considered a low or not low risk, the program module 32 ceases to display any further questions regarding the same and provides a conclusion to the user. If the program module 32 is unable to determine whether the funding program is to be considered a low or not low risk, the program module 32 prompts the user to assess the program as being low or not low risk.

Referring now to FIG. 18, for Type B programs, the program module 32 provides the user with two selectable options for determining the number of Type B programs to assess. As shown in FIG. 18, in one embodiment, upon the user selecting ‘Option 1’ 140, the user is instructed by the program module 32 to assess risk for all Type B programs that exceed a pre-defined small program amount (e.g., $100,000 dollars). As shown in the FIG. 18 example, all Type B programs are displayed by the program module 32, including those for which risk need not be assessed (e.g., those funding programs that do not exceed the pre-defined small program amount).

Turning now to FIG. 19, in one embodiment, if the user selects ‘Option 2’ 142, the program module 32 instructs the user as to how many Type B programs are to be assessed. In one embodiment, the programming logic for determining the required number of programs to be assessed is coded into the program module 32 and defined in OMB Circular A-133.

FIG. 20 illustrates an example Type B Dialog Box 150 that is displayed to the user by the program module 32 upon selection of an assess button 136 associated with a Type B program. As shown in the FIG. 20 example, in one embodiment, the program module 32 provides a set of questions relating to assessing Type B programs that are high or not high risk. These questions are different than the set of questions provided by the program module 32 to the user for Type A programs.

In one embodiment, the program module 32 automatically selects the Type B programs to audit as major programs (if possible) or displays a selection screen, as shown in FIG. 25, for the user to select which Type B programs are to be audited as major programs. Once the required number of programs has been assessed, the program module 32 determines whether coverage requirements defined for funding programs have been met.

Coverage requirements relate to government rules that require a specified percentage of received funds to be tested during the Single Audit. For example, a coverage rule may specify that if an entity receives one million dollars ($1,000,000) in federal funds, then at least fifty percent (50%) of the one million dollars ($1,000,000) is to be tested by the user during the Single Audit. In one embodiment, coverage requirements for funding programs are defined in OMB Circular A-133.

FIG. 21 illustrates an example assess coverage screen 151 provided by the coverage module 32. As shown in FIG. 21, in one embodiment, the program module 32 displays for each program or cluster previously identified an agency/department identifier 152, a CFDA or other number 154, a program/cluster name 156, total awards expended 158, an amount of awards selected for audit 160, risk level for the program/cluster 162, program type 164, date of last year audited as a major program 166, and checkboxes 168 indicating whether each program is considered a Type A or Type B program. As shown in FIG. 21, in one embodiment, funding programs identified as major programs based on previous user data entry are automatically checked and disabled 168A by the program module 32 on the assess coverage screen 151. The program module 32 assesses coverage regardless of whether the user elected to waive use of risk criteria during the engagement setup.

In one embodiment, the program module 32 displays a warning message (not shown) to the user if the coverage required for a program is not met. The coverage percentage used is based on the low risk/not low risk entity questions prompted during the engagement setup by the engagement module 30. For example, in one embodiment, the program module 32 generates a warning message including a calculation of the additional amount of award expenditures that needs to be tested in order to be in compliance with funding program rules and regulations. The computed amount is updated by the program module 32 as the major program checkboxes 168 are selected and deselected. In one embodiment, the user is allowed to select additional programs to be audited as major programs until the coverage requirement is met.

Referring now to FIG. 22, a compliance screen 170 provided by the compliance module 34 is shown. The compliance screen 170 displays a compliance program 172 determined by the compliance module 34 for one or more identified funding programs. In one embodiment, as shown in FIG. 22, the compliance program 172 includes one or more compliance requirements 174 that are automatically selected by the compliance module 34 from a Compliance Supplement based on funding programs selected and assessed by the user.
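The coverage warning described above (the additional amount that must be tested, recomputed as major program checkboxes 168 are toggled) can be sketched as follows. This is an added example, not code from the patent or the product: the 50% rate is the example rate from the text, while the 25% low-risk rate, the sample programs and every name in the block are assumptions.

```python
import math
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, Iterable, Optional, Set

# 50% is the example rate given in the text. The lower rate for a low-risk
# entity is an assumption of this sketch; the page does not state it.
COVERAGE_RATE = {
    "not_low_risk": Fraction(50, 100),
    "low_risk": Fraction(25, 100),  # assumed value
}


@dataclass(frozen=True)
class Program:
    number: str                    # CFDA or other number (constructed below)
    expended: int                  # total awards expended, whole dollars
    cluster: Optional[str] = None  # cluster name, if the program is clustered


def audit_units(programs: Iterable[Program]) -> Dict[str, int]:
    """Collapse programs into auditable units; a cluster counts as one program."""
    units: Dict[str, int] = {}
    for p in programs:
        if p.expended < 0:
            raise ValueError(f"negative expenditure for {p.number}")
        key = f"cluster:{p.cluster}" if p.cluster else f"program:{p.number}"
        units[key] = units.get(key, 0) + p.expended
    return units


def coverage_status(programs: Iterable[Program], selected: Set[str],
                    entity_risk: str) -> Dict[str, int]:
    """Compare awards selected as major programs with the required coverage."""
    if entity_risk not in COVERAGE_RATE:
        raise ValueError(f"unknown entity risk level: {entity_risk}")
    units = audit_units(programs)
    unknown = set(selected) - set(units)
    if unknown:
        raise KeyError(f"not an auditable unit: {sorted(unknown)}")
    total = sum(units.values())
    # Round up so a fractional dollar never counts as coverage already met.
    required = math.ceil(total * COVERAGE_RATE[entity_risk])
    covered = sum(units[u] for u in set(selected))
    return {"total": total, "required": required, "covered": covered,
            "shortfall": max(0, required - covered)}


def coverage_warning(status: Dict[str, int]) -> Optional[str]:
    """Return the warning text, or None once the requirement is met."""
    if status["shortfall"] == 0:
        return None
    return (f"Coverage not met: ${status['covered']:,} of the required "
            f"${status['required']:,} is selected; an additional "
            f"${status['shortfall']:,} of award expenditures must be tested.")


def toggle(selected: Set[str], unit: str) -> Set[str]:
    """Model checking or unchecking one major-program checkbox."""
    return set(selected) ^ {unit}


# Constructed sample data; program numbers and amounts are placeholders.
SAMPLE = [
    Program("XX.001", 400_000),
    Program("XX.002", 250_000, cluster="EDU"),
    Program("XX.003", 150_000, cluster="EDU"),
    Program("XX.004", 200_000),
]

if __name__ == "__main__":
    chosen = {"program:XX.001"}
    print(coverage_warning(coverage_status(SAMPLE, chosen, "not_low_risk")))
    chosen = toggle(chosen, "cluster:EDU")
    print(coverage_warning(coverage_status(SAMPLE, chosen, "not_low_risk")))
```
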

As shown in FIG. 22, in one embodiment, each section of the compliance requirements 174 collapses and expands to help users navigate to various parts of the compliance program efficiently. In addition, the compliance module 34 provides users with the ability to add and delete compliance requirements.

For example, as shown in the FIG. 22 example, in one embodiment, the right hand pane 172A of the compliance program screen 170 includes a list of all compliance requirements determined automatically by the compliance module 34. The compliance module 34 automatically selects the compliance requirements applicable to one or more major programs and adds the same in the compliance program 172. Compliance requirements not included in the compliance program 172 are automatically deselected from the right pane 172A.

The compliance module 34 provides users with the ability to add and delete compliance requirements by selecting and unselecting the checkboxes in the right pane 172A. As shown in FIG. 22, in one embodiment, the compliance module 34 also provides the user with a reset button 178 that allows the user to restore the compliance program 172 to original selections generated by the compliance module 34. In another embodiment, the compliance module 34 allows the user to comment on rationale used in their selections of compliance requirements, which are then stored by the compliance module 34 in the data store 40. If the award is not in the Compliance Supplement, the application guides the user in selecting and deselecting compliance requirements as described above by providing the user with tailoring procedures. The user may customize the compliance procedures in the middle pane by adding, deleting, and/or modifying a procedure automatically selected by the system or selected by the user.

FIG. 23 illustrates a compliance checklist screen 180 that is provided by the compliance module 34. In one embodiment, the compliance module 34 is configured to compute a schedule of expenditures of federal awards and a series of user selectable worksheets to guide the user through the examination stage. For example, as shown in FIG. 23, in one embodiment, upon selecting one or more compliance procedure guidelines 180A and checklists 180B, the compliance module 34 generates a single document containing textual guidance (e.g., guidance that is unique to the program and guidance that is common to all programs), and another document containing only procedural checklists that can be used during the examination stage. Background guidance and procedure checklists can be generated in MS Word® format or a plurality of other standard document formats specified by the user.

Once checklists are generated, the user conducts the audit by examining files, documents, contracts, checks, etc. of the entity. The user may investigate, to some degree, transactions between the funding program and other parties. Results are then compared with items identified in one or more checklists to determine if the entity is in compliance or not with funding program rules and procedures.

Turning now to FIG. 24, a display screen comprising a diagnostic report 182 generated by the diagnostic module 36 for a Single Audit is shown. The diagnostic module 36 is configured to provide guidance to the user as well as determine whether there are any possible errors and/or inconsistencies with user-entered responses to questions that could and/or would affect the quality of the audit. As shown in the FIG. 24 example, in one embodiment, the diagnostic report 182 relates to, but is not limited to, entered federal award information, major program determination, as well as the transfer of engagements between users. In another embodiment, the diagnostic module 36 performs tests of transactions and account balances to ensure that information presented in financial statements and notes thereof are accurate.

Various features of the system may be implemented in hardware, software, or a combination of hardware and software. For example, some features of the system may be implemented in one or more computer programs executing on programmable computers. Each program may be implemented in a high level procedural or object-oriented programming language to communicate with a computer system or other machine. Furthermore, each such computer program may be stored on a storage medium such as read-only-memory (ROM) readable by a general or special purpose programmable computer or processor, for configuring and operating the computer to perform the functions described above.

What is claimed is:
1. A method for planning an audit for an entity, the method carried out under the control of one or more computer systems configured with executable instructions and comprising: determining, using an engagement module of a web server, an audit risk level for the entity; determining, using a program module of the web server, whether a Single Audit of the entity is to be performed based at least in part on a financial award received by the entity exceeding a first threshold value and on first information, wherein the financial award is associated with at least one funding program and the first information includes information specific to the entity and to the at least one funding program, wherein said information specific to the entity is determined from one or more user responses to a first set of questions provided through a graphical user interface, said one or more user responses to the first set of questions are directed to the entity's audit history; if the financial award received by the entity does not exceed the first threshold level, determining, using the program module of the web server, whether a program-specific audit is to be performed for the entity based at least on second information related to the at least one funding program; determining, using the program module of the web server, whether the at least one funding program is to be evaluated as a major program at least in part by assessing risk and coverage information associated with the financial award and the entity, said risk and coverage information comprising audit experience, degree of oversight exercised by a government entity and presence of fraud and determined from one or more user responses to a second set of questions provided through a graphical user interface, said determining of the at least one funding program as a major program further comprising: determining that a set of common compliance requirements apply to the at least one funding program; identifying other funding programs for which the set of common compliance requirements also applies; clustering the at least one funding program and the other funding programs together into a cluster of funding programs based on the set of common compliance requirements; and processing the cluster of funding programs as a single funding program; automatically determining, using a compliance module of the web server, at least one compliance procedure from a plurality of compliance procedures for use during the Single Audit or the program-specific audit, said determining of the at least one compliance procedure for use based on at least the determined audit risk level and the determined funding program evaluation; customizing the at least one compliance procedure, wherein customizing the at least one compliance procedure includes adding, deleting, or modifying the at least one compliance procedure; providing the at least one compliance procedure to conduct the Single Audit or the program-specific audit; automatically determining, using a diagnostic module of the web server, at least one of an inconsistency, error and missing response from the one or more user responses to the first set of questions and the one or more user responses to the second set of questions; and providing a diagnostic report outlining the determined one or more inconsistencies, errors and missing responses from the one or more user responses to the first set of questions and the one or more user responses to the second set of questions.
2. The method of claim 1, further comprising conducting the Single Audit or the program-specific audit using the at least one compliance procedure.
3. The method of claim 1, wherein conducting the Single Audit or the program-specific audit comprises documenting the Single Audit or the program-specific audit.
4. The method of claim 1, wherein the entity-specific information comprises information describing a type of entity, the type of entity selected from the group consisting of “Local Government”, “Local Education Agency”, “Indian Tribal Government”, “State Government”, “State Education Agency”, “Nonprofit Organization”, or combinations thereof.
5. The method of claim 1, further comprising the step of categorizing the at least one funding program, the categorizing based at least in part on the amount of expenditures by the entity, and wherein determining whether the funding program is to be evaluated as a major program comprises analyzing whether the funding program qualifies as a ‘Type A’ program or a ‘Type B’ program.
6. The method of claim 1, further comprising the step of: automatically selecting the at least one compliance procedure to be used during the Single Audit or the program-specific audit.
7. The method of claim 6, wherein automatically selecting the at least one compliance procedure is based on a Compliance Supplement.
8. The method of claim 6, wherein automatically selecting the at least one compliance procedure is based on the financial award and the funding program.
9. The method of claim 6, wherein automatically selecting the at least one compliance procedure is based on the financial award, the funding program, and the entity-related information.
10. The method of claim 6, wherein automatically selecting the at least one compliance procedure is based on the financial award, the funding program, the entity-related information, and risk and coverage information.
11. The method of claim 1, further comprising the step of: enabling selection by a user of the at least one compliance procedure to be used during the Single Audit or the program-specific audit.
12. The method of claim 11, wherein enabling selection of the at least one compliance procedure is based on a Compliance Supplement.
13. The method of claim 11, wherein enabling selection of the at least one compliance procedure is based on the financial award and the funding program.
14. The method of claim 11, wherein enabling selection of the at least one compliance procedure is based on the financial award, the funding program, and the entity-related information.
15. The method of claim 11, wherein enabling selection of the at least one compliance procedure is based on the financial award, the funding program, the entity-related information, and risk and coverage information.
16. A system comprising: a server including a processor and memory storing instructions that, in response to receiving a request for access to a service, cause the processor to: determine, using an engagement module of a web server, an audit risk level for the entity; determine, using a program module of the web server, whether a Single Audit of the entity is to be performed based at least in part on a financial award received by the entity exceeding a first threshold value and on first information, wherein the financial award is associated with at least one funding program and the first information includes information specific to the entity and to the at least one funding program, wherein said information specific to the entity is determined from one or more user responses to a first set of questions provided through a graphical user interface, said one or more user responses to the first set of questions are directed to the entity's audit history; if the financial award received by the entity does not exceed the first threshold level, determining, using the program module of the web server, whether a program-specific audit is to be performed for the entity based at least on second information related to the at least one funding program; determine, using the program module of the web server, whether the at least one funding program is to be evaluated as a major program at least in part by assessing risk and coverage information associated with the financial award and the entity, said risk and coverage information comprising audit experience, degree of oversight exercised by a government entity and presence of fraud and determined from one or more user responses to a second set of questions provided through a graphical user interface, said instructions to determining of the at least one funding program as a major program further comprising instruction to: determine that a set of common compliance requirements apply to the at least one funding program; identify other funding programs for which the set of common compliance requirements also applies; cluster the at least one funding program and the other funding programs together into a cluster of funding programs based on the set of common compliance requirements; and process the cluster of funding programs as a single funding program; automatically determine, using a compliance module of the web server, at least one compliance procedure from a plurality of compliance procedures for use during the Single Audit or the program-specific audit, said determining of the at least one compliance procedure for use based on at least the determined audit risk level and the determined funding program evaluation; customize the at least one compliance procedure, wherein customizing the at least one compliance procedure includes adding, deleting, or modifying the at least one compliance procedure; provide the at least one compliance procedure to conduct the Single Audit or the program-specific audit; automatically determine, using a diagnostic module of the web server, at least one of an inconsistency, error and missing response from the one or more user responses to the first set of questions and the one or more user responses to the second set of questions; and provide a diagnostic report outlining the determined one or more inconsistencies, errors and missing responses from the one or more user responses to the first set of questions and the one or more user responses to the second set of questions.
17. The system of claim 16, further comprising conducting the Single Audit or the program-specific audit using the at least one compliance procedure.
18. The system of claim 16, wherein conducting the Single Audit or the program-specific audit comprises documenting the Single Audit or the program-specific audit.
19. The system of claim 16, wherein the entity-specific information comprises information describing a type of entity, the type of entity selected from the group consisting of “Local Government”, “Local Education Agency”, “Indian Tribal Government”, “State Government”, “State Education Agency”, “Nonprofit Organization”, or combinations thereof.
20. The system of claim 16, further comprising the step of categorizing the at least one funding program, the categorizing based at least in part on the amount of expenditures by the entity, and wherein determining whether the funding program is to be evaluated as a major program comprises analyzing whether the funding program qualifies as a ‘Type A’ program or a ‘Type B’ program.
21. The system of claim 16, further comprising the step of automatically selecting the at least one compliance procedure to be used during the Single Audit or the program-specific audit.
22. The system of claim 21, wherein automatically selecting the at least one compliance procedure is based on a Compliance Supplement.
23. The system of claim 21, wherein automatically selecting the at least one compliance procedure is based on the financial award and the funding program.
24. The system of claim 21, wherein automatically selecting the at least one compliance procedure is based on the financial award, the funding program, and the entity-related information.
25. The system of claim 21, wherein automatically selecting the at least one compliance procedure is based on the financial award, the funding program, the entity-related information, and risk and coverage information.
26. The system of claim 16, further comprising the step of enabling selection by a user of the at least one compliance procedure to be used during the Single Audit or the program-specific audit.
27. The system of claim 26, wherein enabling selection of the at least one compliance procedure is based on a Compliance Supplement.
28. The system of claim 26, wherein enabling selection of the at least one compliance procedure is based on the financial award and the funding program.
29. The system of claim 26, wherein enabling selection of the at least one compliance procedure is based on the financial award, the funding program, and the entity-related information.
30. The system of claim 26, wherein enabling selection of the at least one compliance procedure is based on the financial award, the funding program, the entity-related information, and risk and coverage information.
31. A system for planning an audit comprising: a data store comprising a plurality of compliance procedures; a server operatively coupled to the data store, the server including a processor and memory storing instructions that, in response to receiving a first request for access to a service, cause the processor to: determine, using an engagement module of a web server, an audit risk level for the entity; provide a first set of questions and a second set of questions to an entity provided through a graphical user interface; determine, using a program module of the web server, whether a Single Audit or a program-specific audit is to be performed for the entity based on a response to the first set of questions, said first set of questions are directed to inquiring as to the entity's audit history; determine, using the program module of the web server, whether a funding program associated with a financial award received by the entity is to be evaluated as a major program based on a response to the second set of questions, wherein the instructions to cause the processor to determine whether the funding program associated with the financial award received by the entity is to be evaluated as a major program includes instructions to cause the processor to: determining that a set of common compliance requirements apply to the at least one funding program; identifying other funding programs for which the set of common compliance requirements also applies; clustering the at least one funding program and the other funding programs together into a cluster of funding programs based on the set of common compliance requirements; and processing the cluster of funding programs as a single funding program; determine, using a program module of the web server, whether the entity is low risk or not low risk; select automatically, using a compliance module of the web server, at least one compliance procedure from the plurality of compliance procedures to be used during the Single Audit or the program-specific audit; customize the at least one compliance procedure, wherein customizing the at least one compliance procedure includes adding, deleting, or modifying the at least one compliance procedure; automatically determine at least one of an inconsistency, error and missing response from the one or more user responses to the first set of questions and the one or more user responses to the second set of questions; provide a diagnostic report outlining the determined one or more inconsistencies, errors and missing responses from the one or more user responses to the first set of questions and the one or more user responses to the second set of questions; generate a signal associated with the at least one compliance procedure and the diagnostic report; and transmit the signal.
32. The system of claim 31, wherein the memory stores instructions that, in response to receiving the first request, cause the processor to display the first set of questions, the second set of questions, or combinations thereof, on a display device.
33. The system of claim 31, wherein the at least one compliance procedure is based on a Compliance Supplement.
34. The system of claim 31, wherein the first set of questions are entity-related questions.
35. The system of claim 31, wherein the second set of questions relates to risk and coverage information associated with the funding program.
36. The system of claim 31, wherein the memory stores instructions that, in response to receiving the first request, causes the processor to: select automatically or enable selection of the at least one compliance procedure based at least in part on the clustering.
37. The system of claim 31, wherein the at least one compliance procedure is based on at least the financial award.
38. The system of claim 31, wherein the at least one compliance procedure is based on the financial award and the funding program.
39. The system of claim 31, wherein the at least one compliance procedure is based on the financial award, the funding program, and the entity-related information.
40. The system of claim 31, wherein the at least one compliance procedure is based on the financial award, the funding program, the entity-related information, and risk and coverage information.
41. The system of claim 31, wherein the memory stores instructions that, in response to receiving the first request, cause the processor to analyze whether the funding program qualifies as a ‘Type A’ program or a ‘Type B’ program.